CWE-457
AllowedUse of Uninitialized Variable
Abstraction: Variant · Status: Draft
The code uses a variable that has not been initialized, leading to unpredictable or unintended results.
298 vulnerabilities reference this CWE, most recent first.
GHSA-3FP8-PM45-CC3H
Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-06 06:30Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-11138"
],
"database_specific": {
"cwe_ids": [
"CWE-457"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T23:17:19Z",
"severity": "MODERATE"
},
"details": "Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-3fp8-pm45-cc3h",
"modified": "2026-06-06T06:30:28Z",
"published": "2026-06-05T00:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11138"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/501650354"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3G3J-WMQV-CCGW
Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 18:31Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-11087"
],
"database_specific": {
"cwe_ids": [
"CWE-457"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T23:17:13Z",
"severity": "MODERATE"
},
"details": "Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-3g3j-wmqv-ccgw",
"modified": "2026-06-05T18:31:35Z",
"published": "2026-06-05T00:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11087"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/500140149"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3H3X-2HWV-HR52
Vulnerability from github – Published: 2024-10-01 21:31 – Updated: 2025-05-14 18:30A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/golang-fips/openssl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-9355"
],
"database_specific": {
"cwe_ids": [
"CWE-457"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-01T22:31:42Z",
"nvd_published_at": "2024-10-01T19:15:09Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.\u00a0 It is also possible to force a derived key to be all zeros instead of an unpredictable value.\u00a0 This may have follow-on implications for the Go TLS stack.",
"id": "GHSA-3h3x-2hwv-hr52",
"modified": "2025-05-14T18:30:40Z",
"published": "2024-10-01T21:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9355"
},
{
"type": "WEB",
"url": "https://github.com/golang-fips/openssl/pull/198"
},
{
"type": "WEB",
"url": "https://github.com/github/advisory-database/pull/4950"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2024-3167"
},
{
"type": "PACKAGE",
"url": "https://github.com/golang-fips/openssl"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315719"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-9355"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:7624"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:7256"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:7118"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:2416"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:9551"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:8847"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:8678"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:8327"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:7550"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:7502"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:10133"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability"
}
GHSA-3H9H-QFVW-98HQ
Vulnerability from github – Published: 2026-04-06 17:51 – Updated: 2026-04-06 17:51Summary
While fuzzing openexr_exrcheck_fuzzer, Valgrind reports a conditional branch depending on uninitialized data inside generic_unpack. This indicates a use of uninitialized memory (CWE-457). The issue is reproducible with the current OSS-Fuzz harness and a single-file PoC.
Details
Environment:
- Tooling: valgrind --tool=memcheck --track-origins=yes
- Target: openexr_exrcheck_fuzzer
- OS: Ubuntu 20.04.6 LTS focal x86_64
- openexr version and Git-commit hash: openexr 3.4.2 | commit fd657e8a41e157e5841c7cc2e2a5efe094b069a1 (grafted, HEAD -> main, origin/main, origin/HEAD)
Function: generic_unpack
Possible root cause (based on observed symptoms):
The unpacker is branching on bytes in a scratch buffer that were never written because the decode step didn’t fully populate it.
- The first use flagged is in generic_unpack(). That function reads from the decompressed/expanded pixel buffer to scatter data into the framebuffer. A “conditional jump depends on uninitialised value(s)” means it’s consulting bytes in that buffer before they were written.
- Valgrind says the uninitialised value “was created by a heap allocation (malloc)”, not the stack: this matches a per-tile/per-scanline decode scratch buffer allocated in exr_decoding_run().
Valgrind Trace (top frames):
==454== Conditional jump or move depends on uninitialised value(s)
==454== at 0x4539BE: generic_unpack (in /out/openexr_exrcheck_fuzzer)
==454== by 0x44B85F: exr_decoding_run (in /out/openexr_exrcheck_fuzzer)
==454== by 0x38BC5F: Imf_4_0::(anonymous namespace)::TileProcess::run_decode(_priv_exr_context_t const*, int, Imf_4_0::FrameBuffer const*, std::__1::vector<Imf_4_0::Slice, std::__1::allocator<Imf_4_0::Slice> > const&) (in /out/openexr_exrcheck_fuzzer)
==454== by 0x388BE1: Imf_4_0::TiledInputFile::Data::readTiles(int, int, int, int, int, int) (in /out/openexr_exrcheck_fuzzer)
==454== by 0x388619: Imf_4_0::TiledInputFile::readTiles(int, int, int, int, int, int) (in /out/openexr_exrcheck_fuzzer)
==454== by 0x353755: Imf_4_0::InputFile::Data::bufferedReadPixels(int, int) (in /out/openexr_exrcheck_fuzzer)
==454== by 0x352286: Imf_4_0::InputFile::readPixels(int) (in /out/openexr_exrcheck_fuzzer)
==454== by 0x3190FA: Imf_4_0::(anonymous namespace)::readMultiPart(Imf_4_0::MultiPartInputFile&, bool, bool) (in /out/openexr_exrcheck_fuzzer)
==454== by 0x314C4D: Imf_4_0::checkOpenEXRFile(char const*, unsigned long, bool, bool, bool) (in /out/openexr_exrcheck_fuzzer)
==454== Uninitialised value was created by a heap allocation at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
PoC
In the attached archive, you will find: - The executable used for our tests. - The testcase used to trigger the bug.
To observe the bug, simply run the OSS-Fuzz helper script:
git clone https://github.com/google/oss-fuzz.git
cd oss-fuzz
python3 infra/helper.py build_image openexr
python3 infra/helper.py build_fuzzers --sanitizer=none openexr
python3 infra/helper.py shell openexr
apt update && apt install -y valgrind
ulimit -n 65535
valgrind --tool=memcheck --track-origins=yes /out/openexr_exrcheck_fuzzer /path/to/poc
Impact
- Undefined Behavior
- Potential crash
- Denial of Service
Credit: Aldo Ristori archive0.zip
Update Note:
Other saved testcases from the fuzzing campaign trigger the same underlying bug, but with a different manifestation. So there is one root cause (missing post-decode validation / zero-init before any unpack), with different call-sites. Below there are several archives, formatted like the previous one, that reproduce the other test cases.
Other observed sinks (distinct manifestations of the same bug):
Deep pointers path: generic_unpack_deep_pointers (deep scanline/tiled) archive1.zip
Deep sample table path: unpack_sample_table (deep scanline) archive2.zip
Half conversion path: half_to_float_buffer_f16c via unpack_half_to_float_3chan_planar archive3.zip
Deep compositing: CompositeDeepScanLine::readPixels → ThreadPool::addTask → LineCompositeTask::execute archive4.zip
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "OpenEXR"
},
"ranges": [
{
"events": [
{
"introduced": "3.3.0"
},
{
"fixed": "3.3.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "OpenEXR"
},
"ranges": [
{
"events": [
{
"introduced": "3.4.0"
},
{
"fixed": "3.4.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-64181"
],
"database_specific": {
"cwe_ids": [
"CWE-457"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-06T17:51:11Z",
"nvd_published_at": "2025-11-10T22:15:36Z",
"severity": "LOW"
},
"details": "### Summary\nWhile fuzzing `openexr_exrcheck_fuzzer`, Valgrind reports a conditional branch depending on uninitialized data inside `generic_unpack`. This indicates a use of uninitialized memory (CWE-457). The issue is reproducible with the current OSS-Fuzz harness and a single-file PoC.\n\n### Details\n\n**Environment:**\n- Tooling: `valgrind --tool=memcheck --track-origins=yes`\n- Target: `openexr_exrcheck_fuzzer`\n- OS: Ubuntu 20.04.6 LTS focal x86_64\n- openexr version and Git-commit hash: ` openexr 3.4.2 | commit fd657e8a41e157e5841c7cc2e2a5efe094b069a1 (grafted, HEAD -\u003e main, origin/main, origin/HEAD)`\n\nFunction: `generic_unpack`\n\nPossible root cause (based on observed symptoms):\nThe unpacker is branching on bytes in a scratch buffer that were never written because the decode step didn\u2019t fully populate it.\n- The first use flagged is in `generic_unpack()`. That function reads from the decompressed/expanded pixel buffer to scatter data into the framebuffer. A \u201cconditional jump depends on uninitialised value(s)\u201d means it\u2019s consulting bytes in that buffer before they were written.\n- Valgrind says the uninitialised value \u201cwas created by a heap allocation (malloc)\u201d, not the stack: this matches a per-tile/per-scanline decode scratch buffer allocated in `exr_decoding_run()`.\n\n**Valgrind Trace (top frames):**\n```bash\n==454== Conditional jump or move depends on uninitialised value(s)\n==454== at 0x4539BE: generic_unpack (in /out/openexr_exrcheck_fuzzer)\n==454== by 0x44B85F: exr_decoding_run (in /out/openexr_exrcheck_fuzzer)\n==454== by 0x38BC5F: Imf_4_0::(anonymous namespace)::TileProcess::run_decode(_priv_exr_context_t const*, int, Imf_4_0::FrameBuffer const*, std::__1::vector\u003cImf_4_0::Slice, std::__1::allocator\u003cImf_4_0::Slice\u003e \u003e const\u0026) (in /out/openexr_exrcheck_fuzzer)\n==454== by 0x388BE1: Imf_4_0::TiledInputFile::Data::readTiles(int, int, int, int, int, int) (in /out/openexr_exrcheck_fuzzer)\n==454== by 0x388619: Imf_4_0::TiledInputFile::readTiles(int, int, int, int, int, int) (in /out/openexr_exrcheck_fuzzer)\n==454== by 0x353755: Imf_4_0::InputFile::Data::bufferedReadPixels(int, int) (in /out/openexr_exrcheck_fuzzer)\n==454== by 0x352286: Imf_4_0::InputFile::readPixels(int) (in /out/openexr_exrcheck_fuzzer)\n==454== by 0x3190FA: Imf_4_0::(anonymous namespace)::readMultiPart(Imf_4_0::MultiPartInputFile\u0026, bool, bool) (in /out/openexr_exrcheck_fuzzer)\n==454== by 0x314C4D: Imf_4_0::checkOpenEXRFile(char const*, unsigned long, bool, bool, bool) (in /out/openexr_exrcheck_fuzzer)\n==454== Uninitialised value was created by a heap allocation at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)\n```\n\n### PoC\nIn the attached archive, you will find:\n- The executable used for our tests.\n- The testcase used to trigger the bug.\n\nTo observe the bug, simply run the OSS-Fuzz helper script:\n```bash\ngit clone https://github.com/google/oss-fuzz.git\ncd oss-fuzz\n\npython3 infra/helper.py build_image openexr\npython3 infra/helper.py build_fuzzers --sanitizer=none openexr\npython3 infra/helper.py shell openexr\n\napt update \u0026\u0026 apt install -y valgrind\nulimit -n 65535\nvalgrind --tool=memcheck --track-origins=yes /out/openexr_exrcheck_fuzzer /path/to/poc\n```\n\n### Impact\n- Undefined Behavior\n- Potential crash\n- Denial of Service\n\n**Credit:** Aldo Ristori\n[archive0.zip](https://github.com/user-attachments/files/23024726/archive0.zip)\n\n\n\n### Update Note:\nOther saved testcases from the fuzzing campaign trigger the same underlying bug, but with a different manifestation. So there is one root cause (missing post-decode validation / zero-init before any unpack), with different call-sites. Below there are several archives, formatted like the previous one, that reproduce the other test cases.\n\n**Other observed sinks (distinct manifestations of the same bug):**\n\n**Deep pointers path:**\ngeneric_unpack_deep_pointers (deep scanline/tiled)\n[archive1.zip](https://github.com/user-attachments/files/23024736/archive1.zip)\n\n\n**Deep sample table path:**\nunpack_sample_table (deep scanline)\n[archive2.zip](https://github.com/user-attachments/files/23024740/archive2.zip)\n\n\n**Half conversion path:**\nhalf_to_float_buffer_f16c via unpack_half_to_float_3chan_planar\n[archive3.zip](https://github.com/user-attachments/files/23024744/archive3.zip)\n\n\n**Deep compositing:**\nCompositeDeepScanLine::readPixels \u2192 ThreadPool::addTask \u2192 LineCompositeTask::execute\n[archive4.zip](https://github.com/user-attachments/files/23024746/archive4.zip)",
"id": "GHSA-3h9h-qfvw-98hq",
"modified": "2026-04-06T17:51:11Z",
"published": "2026-04-06T17:51:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3h9h-qfvw-98hq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64181"
},
{
"type": "PACKAGE",
"url": "https://github.com/AcademySoftwareFoundation/openexr"
},
{
"type": "WEB",
"url": "https://github.com/user-attachments/files/23024726/archive0.zip"
},
{
"type": "WEB",
"url": "https://github.com/user-attachments/files/23024736/archive1.zip"
},
{
"type": "WEB",
"url": "https://github.com/user-attachments/files/23024740/archive2.zip"
},
{
"type": "WEB",
"url": "https://github.com/user-attachments/files/23024744/archive3.zip"
},
{
"type": "WEB",
"url": "https://github.com/user-attachments/files/23024746/archive4.zip"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "OpenEXR Makes Use of Uninitialized Memory"
}
GHSA-3M3V-363X-RF9H
Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 03:35Uninitialized Use in Cast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via malicious network traffic. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-13940"
],
"database_specific": {
"cwe_ids": [
"CWE-457"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T23:17:07Z",
"severity": "MODERATE"
},
"details": "Uninitialized Use in Cast in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via malicious network traffic. (Chromium security severity: Medium)",
"id": "GHSA-3m3v-363x-rf9h",
"modified": "2026-07-01T03:35:22Z",
"published": "2026-07-01T00:34:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13940"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/513158425"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3Q68-HM47-94VG
Vulnerability from github – Published: 2024-09-04 00:31 – Updated: 2025-11-04 00:31A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
{
"affected": [],
"aliases": [
"CVE-2024-45615"
],
"database_specific": {
"cwe_ids": [
"CWE-457",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-03T22:15:04Z",
"severity": "LOW"
},
"details": "A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.",
"id": "GHSA-3q68-hm47-94vg",
"modified": "2025-11-04T00:31:20Z",
"published": "2024-09-04T00:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45615"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-45615"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309285"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3R86-94R4-7MG9
Vulnerability from github – Published: 2025-12-02 03:31 – Updated: 2025-12-02 15:30In display, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4820.
{
"affected": [],
"aliases": [
"CVE-2025-20766"
],
"database_specific": {
"cwe_ids": [
"CWE-457"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-02T03:16:17Z",
"severity": "HIGH"
},
"details": "In display, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4820.",
"id": "GHSA-3r86-94r4-7mg9",
"modified": "2025-12-02T15:30:30Z",
"published": "2025-12-02T03:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20766"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3R8R-7QH7-3HH4
Vulnerability from github – Published: 2025-03-13 18:32 – Updated: 2025-08-19 15:31A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
{
"affected": [],
"aliases": [
"CVE-2025-1427"
],
"database_specific": {
"cwe_ids": [
"CWE-457",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-13T17:15:34Z",
"severity": "HIGH"
},
"details": "A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.",
"id": "GHSA-3r8r-7qh7-3hh4",
"modified": "2025-08-19T15:31:18Z",
"published": "2025-03-13T18:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1427"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Where-can-I-download-the-latest-update-of-AutoCAD-AutoCAD-LT-2022.html"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3RGQ-74P3-8XC5
Vulnerability from github – Published: 2026-02-11 15:30 – Updated: 2026-02-12 18:30A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways.
We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later
{
"affected": [],
"aliases": [
"CVE-2025-58466"
],
"database_specific": {
"cwe_ids": [
"CWE-457"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T13:15:56Z",
"severity": "LOW"
},
"details": "A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.8.3332 build 20251128 and later\nQuTS hero h5.2.8.3321 build 20251117 and later",
"id": "GHSA-3rgq-74p3-8xc5",
"modified": "2026-02-12T18:30:21Z",
"published": "2026-02-11T15:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58466"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-26-05"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3W4C-53GW-R9PV
Vulnerability from github – Published: 2024-10-10 18:31 – Updated: 2024-10-17 15:31Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.
{
"affected": [],
"aliases": [
"CVE-2024-47966"
],
"database_specific": {
"cwe_ids": [
"CWE-457",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-10T18:15:08Z",
"severity": "HIGH"
},
"details": "Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.",
"id": "GHSA-3w4c-53gw-r9pv",
"modified": "2024-10-17T15:31:08Z",
"published": "2024-10-10T18:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47966"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-57
Strategy: Attack Surface Reduction
Ensure that critical variables are initialized before first use [REF-1485].
Mitigation
Strategy: Compilation or Build Hardening
Most compilers will complain about the use of uninitialized variables if warnings are turned on.
Mitigation
When using a language that does not require explicit declaration of variables, run or compile the software in a mode that reports undeclared or unknown variables. This may indicate the presence of a typographic error in the variable's name.
Mitigation
Strategy: Language Selection
Choose a language that is not susceptible to these issues.
Mitigation
Mitigating technologies such as safe string libraries and container abstractions could be introduced.
No CAPEC attack patterns related to this CWE.